We've got crontabs set up in /etc/cron.d to run various things, and we have them running as a specific local user.
Watching the LDAP logs, I can see the servers in question making requests for that username to the LDAP server every time cron runs, even though that user isn't in LDAP and is only local. nsswitch is configured to do "files ldap" as well.
The constant stream of LDAP queries is killing LDAP and making it impossible to log into our boxes.
I configured ldap server & client on centos,then i connected centos and suse with network.now want to get group of any user from this server via suse.is it possible with perl scripts? or i need to install other modules on suse or centos?(such as : pam,nss)
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic AuthBasicProvider ldap anon Order allow,deny Allow from all
This part by itself works for the LDAP authentication:
Anonymous guest Anonymous_VerifyEmail Off Anonymous_MustGiveEmail Off Anonymous_LogEmail on Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
The issue is that my CentOS workstation is in a vlan from where the Intranet's DNS servers are unreachable. For browsing the web there is an ISA proxy server, which I presume resolves DNS for my firefox. However, wget, host, ping and aria2c fail to get any sort of DNS resolution since they're being run from command line.I have exported HTTP_PROXY value, which provides me internet access on console, but,only when I connect using IP address. It fails on name resolution.
My question is:May I redirect the DNS queries to my home PC which would be running a DNS server on a non standard port?I was thinking of putting nameserver 127.0.0.1 in /etc/resolv.conf and then put iptables rule to redirect 127.0.0.1:53 UDP to a.public.ip.address:3535 UDP..I don't know if I am shooting blanks or what, I am not very much aware of this kind of setup.My main need is to provide DNS resolution to console apps.I want to utilize my company's idle bandwidth for bulk downloads, so, using proxy, SSH tunneling through my Home PC is out of question.
I have a ClarkConnect (CentOS based) box running as my home router on a RR connection. I had the DNS servers set up to use Google's DNS server. I want to change them back to the local DNS servers but I can't find an obvious/easy way to get those address short of a) reconfiguring the router's network to DHCP them (would rather not interrupt everyone) or b) calling their tech support (kill me now!). Is there a command line tool/command I can use to query the DHCP server on the external NIC to see what DNS servers it would set me up with w/o munging my existing setup?
"Merging" may not be quite the right word but that is the desired end result.
Scenario: many Solaris 10 servers, each with various local users. We want to set up LDAP for all for all of them. LDAP server is set up, procedure for getting other servers to use it for user authentication is documented and tested. The question is how to handle users that are in LDAP who also exist as a local user on a given machine.
It appears that the usernames on both sides follow a convention and therefore match but obviously the userids will not match. Local user joe has userid 1234, LDAP user joe has userid 56789.
The way I see it we'll have to:
1. move local user joe's home directory to the path that LDAP user joe will want
2. change local user joe's userid to that of LDAP user joe
3. change joe's files' owner to his new userid
4. remove local user joe
5. finally configure LDAP
Is this a rational procedure? Is there a more effective method? I'm not looking forward to this as there are many servers and each of them have a different set of local users, each with different userids which will have to be handled manually and individually therefore not even scriptable much.
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
I have two servers. One of them has a svn server running and another hosting projects.
I have a daily cronjob updating the projects -- ie running svn update, rebuild etc.
Now, my cronjob on the remote server works. However, a similar cronjob running on the local server for local projects (ie the same server as svn) is instead displaying a "svn: not working copy".
I double checked the paths, permissions and user info and if the script is launched manually, it works fine. Deploying the same thing remotely works.
I even tried using file:/// (suggested here http://www.hightekhosting.com.au/myaccount/knowledgebase/90/Using-SubversionorSVN-on-cPanel-Servers.html) but still nothing.
Is it possible to add LDAP user from client to server, in Linux.
I am using RHEL5.0 LDAP server, also i have 10 clients (RHEL 5.0) machine also. I want to know "Is it possible to add LDAP user from client (export) to server".
I want to Configure Linux LDAP Server for user authentication when my users want to connect to the internet.Also i don't want the user to get the home directory on server. i configured ldap server and ldap client without PAM & SASL.and now with perl i can search in ldap for my client's username & password in ldap.
I am facing problem in adding new users in ldap server and client for a long time. I configure ldap server and client successfully and I can login the client machine by a user. User is created on server during configuring the server but after same time when I create a new user on server and create a home dir for the same user on client machine and assign 700 permission on home dir of same user and copy the /etc/skel/.* /home/user-dir and when run the command "#chown -R user:users /home/user" it shows invalid user error.
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
I have installed webmin. I am configuring ldap server using webmin gui. when i try to add user by ldap user and group I get following error. Failed to save user; Failed to add user to ldap database; modification required authentication. I am new in ldap configuration and hope for best reply.
I have configured Ldap Server in CentOS 5.4 & it's working fine, the problem is when I create a ldapuser from server the user can login in client machine but the user has no rights to change the password. How to rectify this by using commands.
I am new to ldap. I've installed openldap server in a centos but yet to test it. My question is how to force user to login to the system using ldap instead of non-ldap login? For example, I created some users in the ldap server, these users are exist in /etc/passwd, when ssh login to server as user, it normally authenticates through /etc/passwd file without being forced to use ldap.
I have oracle installed on Linux I want to schedule a script "backup.sh" to run in oracle user.
oracle@linux1]crontab -e */2 * * * * /tmp/backup.sh this script does not execute by cron. But oracle@linux1 tmp] ./backup.sh ------executes successfully
I don't know why the script is not being executed by cron.
I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
I'm using Net::Bluetooth to create an RFCOMM socket on my Linux box. I need for it to register with SDP with a specific UUID. The perl code can be viewed in this link. I am unable to make the connection from a remote device however. This remote device (my Android phone) is able to connect to other RFCOMM devices using this UUID. I would like to troubleshoot the problem, but I can't find a way to browse the LOCAL SDP records of my PC where the Perl script is running (and waiting for incoming BT connections). how to browse the SDP records on the local PC?
I have configured LDAP Server on RHEL 5.2 successfully and client can login to the server. But I do no how a client can change its LDAP password on his client machine.
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
how to make a new Ubuntu 9.10 box use our LDAP/Samba server for user authentication. Our Red Hat and Windows machines all use it just fine. I've been trying to use the auth-client-config and libnss-ldap packages for this purpose, but I must be missing something. I'm pretty green with LDAP, so this is my first time diving in... Is there a good How-To or step-by-step read on this? All of my searches lead me to setting up Ubuntu as the server, and that isn't what I want. I've also tried the steps listed in [URL] for the LDAP Authentication section.
I've got a server running CentOS 4.8 (binary compatible RHEL 4.8 clone) that's decided all the accounts are expired.I've tried this on multiple accounts so far, to no avail.chage -l <username>Shows that the account never expires. In this case the problem was first noticed with the root account, then I tested it with my user account, and got the same answer, the account never expires.For the test I added a crontab to my account, and to roots, ever minute run "whoami"In the log I get (once for each crontab):rond[]: User account has expiredRecycling crond doesn't help, and I can't recycle the box itself as I've got users on it (pounding away at the poor box at that).
Several searches so far have only turned up that locked root accounts (ala debian/ubuntu) can cause this, and check or correct the age of the account using chage.Comparing entries in /etc/shadow to other boxes where everything is kosher doesn't seem to help either: the important bits are identical.
Working box: kschmitt:$1$QykLetnt$ynSZ.7uKQSRnS3lsYe01w1:14613:0:99999:7::: Screwie box:
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week. Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
I recently installed FC14 as my server and is able to ssh and vnc into the server when locally logged in. If i logged out (at login screen) then i cant ssh or vnc into the server. It is pointless to have a server if i am not able to remote in via ssh and vnc.
